Active Directory: User UPN or DN for NTLM name, using pure LDAP?

Posted by Bernd Haug on Stack Overflow
Published on 2010-03-30T08:18:53Z Indexed on 2010/03/30 8:23 UTC

I have a Java app that can authenticate to LDAP by logging users into the AD LDAP server with the NTLM name (which they are used to - this is a requirement).

I now also need to do authorization, and hence need to find a forest-unique identifier for the user (DN or UPN should work), from which I can further query the directory.

The method needs to be absolutely portable, even if the AD is structured in an unusual fashion; otherwise I could just do a string replacement and search for a UPN of "${ntlm-user}@${ntlm-domain}.${configured-trailing-domain}".

How can I do this, using pure LDAP?

Currently, I'm using the java.naming.directory package, which I'd like to keep using, since it doesn't throw up problems when not binding with a DN but logging in with an NTLM name.
